[Sekoia] Retrieve the list of entity sources #3176

Closed
Lhorus6 opened this issue Dec 20, 2024 · 0 comments · Fixed by #3299
Lhorus6 commented Dec 20, 2024

Use case

Sekoia provides a list of sources that have reported the information. Example: for an indicator, they list the sources that flagged this indicator.

The need is to know which source has reported the information, which is currently not retrieved in OpenCTI but provided by Sekoia. The information is contained in a custom Sekoia field, named "x_inthreat_sources_refs" (this field is a list of source names).

Current Workaround

Nothing, the data is lost

Proposed Solution

The various sources would have to be imported into the platform. Since STIX does not allow multiple “Author”, one idea would be to record them in labels, e.g. “source:Name1”, “source:Name2”, ...

One value in the "x_inthreat_sources_refs" list could be mapped as one label.

Additional Information

The "x_inthreat_sources_refs" list contains a list of STIX IDs (like the “CreatedBy” field), so we'll need to resolve the entities to retrieve their names.

Would you be willing to submit a PR?

If needed, yes
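
The mapping proposed in this issue, as an added sketch that is not part of the original post and not the connector's code: each ID in `x_inthreat_sources_refs` is resolved to an object name and recorded as a `source:<name>` label. It assumes the referenced source objects arrive in the same STIX bundle and carry a `name`; the function names and the sample bundle are constructed for illustration.

```python
SOURCES_FIELD = "x_inthreat_sources_refs"  # custom Sekoia field named in the issue

def source_labels(obj, by_id, prefix="source:"):
    """Resolve each referenced STIX ID to a name; return (labels, unresolved_ids)."""
    labels, unresolved = [], []
    for ref in obj.get(SOURCES_FIELD, []):
        name = (by_id.get(ref, {}).get("name") or "").strip()
        if not name:
            unresolved.append(ref)  # not in this bundle: needs a separate lookup
            continue
        label = prefix + name
        if label not in labels:  # the same source listed twice gives one label
            labels.append(label)
    return labels, unresolved

def apply_source_labels(bundle):
    """Add source labels in place; return {object_id: [unresolved source ids]}."""
    by_id = {o["id"]: o for o in bundle["objects"] if "id" in o}
    missing = {}
    for obj in bundle["objects"]:
        if SOURCES_FIELD not in obj:
            continue
        labels, unresolved = source_labels(obj, by_id)
        existing = obj.get("labels", [])  # keep labels the object already has
        obj["labels"] = existing + [l for l in labels if l not in existing]
        if unresolved:
            missing[obj["id"]] = unresolved
    return missing

def sample_bundle():
    """Constructed sample data (not real Sekoia output)."""
    src_a = "identity--11111111-1111-4111-8111-111111111111"
    src_b = "identity--22222222-2222-4222-8222-222222222222"
    absent = "identity--33333333-3333-4333-8333-333333333333"
    return {"type": "bundle", "objects": [
        {"type": "identity", "id": src_a, "name": "Source A"},
        {"type": "identity", "id": src_b, "name": " Source B "},
        {"type": "indicator",
         "id": "indicator--44444444-4444-4444-8444-444444444444",
         "pattern": "[domain-name:value = 'example.test']",
         "labels": ["malware"],
         SOURCES_FIELD: [src_a, src_b, src_a, absent]},
    ]}

if __name__ == "__main__":
    bundle = sample_bundle()
    print(apply_source_labels(bundle))
    print(bundle["objects"][2]["labels"])
```

Unresolved IDs are returned rather than dropped silently, so the caller can fetch those objects separately or log that a source could not be named.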

@Lhorus6 Lhorus6 added feature use for describing a new feature to develop needs triage use to identify issue needing triage from Filigran Product team labels Dec 20, 2024
@Lhorus6 Lhorus6 self-assigned this Jan 13, 2025
@Lhorus6 Lhorus6 removed the needs triage use to identify issue needing triage from Filigran Product team label Jan 13, 2025
@Lhorus6 Lhorus6 linked a pull request Jan 17, 2025 that will close this issue
@helene-nguyen helene-nguyen added the solved use to identify issue that has been solved (must be linked to the solving PR) label Feb 10, 2025
@helene-nguyen helene-nguyen added this to the Release 6.5.2 milestone Feb 10, 2025